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Amendment to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the application: 

Listing of the Claims 

What is claimed is: 

Claim 1 (currently amended): A method of establishing permission to use information 
associated with a user, said method comprising: 

identifying the user in connection with an application, said application requesting to use 
selected information associated with the user according to a predefined policy; 

determining whether permission was previously granted for the application to use the 
selected information according to the policy; and 

when permission was not previously granted for the application, seeking permission from 
the user for the application to use the selected information according to the policy ; 

when permission was previously granted for the application, determining whether one or 
more changes have been made to the policy since the permission was previously granted and 
whether the user should be notified of said changes; and 

notifying the user if determined that a change has been made to the policy since the 
permission was previously granted for the application to use the selected information and that the 
user is to be notified of said change. 

Claim 2 (original): The method of claim 1, wherein notifying the user comprises providing a 
user interface to inform the user of the change to the policy since the permission was previously 
granted for the application to use the selected information. 

Claim 3 (original): The method of claim 1 , further comprising requesting consent to the 
change via the user interface. 
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Claim 4 (original): The method of claim 3, further comprising denying use of the selected 
information by the application until consent to the change is granted in response to the user 
interface. 

Claim 5 (original): The method of claim 3, further comprising denying use of the selected 
information by the application if consent to the change is denied in response to the user interface. 

Claim 6 (original): The method of claim 3, wherein the identified user is associated with a 
managed account and wherein requesting consent to the change comprises requesting consent to 
the change from a manager of the account. 

Claim 7 (original): The method of claim 1, further comprising defining a consent state 
associated with the user, said consent state directly corresponding to a version of the policy for 
which the user has granted permission to the application to use the selected information. 

Claim 8 (original): The method of claim 7, further comprising maintaining a user profile 
associated with the user and storing the consent state in user profile. 

Claim 9 (original): The method of claim 7, further comprising identifying which version of 
the policy is currently in use for the application and determining when the version of the policy 
corresponding to the consent state is different from the version of the policy currently in use for 
the application. 

Claim 10 (original): The method of claim 9, wherein notifying the user of the change to the 
policy is responsive to determining when the version of the policy corresponding to the consent 
state is different from the version of the policy currently in use for the application. 

Claim 1 1 (original): The method of claim 7, wherein identifying the user comprises receiving 
login information from the user and authenticating the user based on the received login 
information. 
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Claim 12 (original): The method of claim 10, wherein authenticating the user comprises 
associating a unique identifier with the user. 

Claim 13 (original): The method of claim 12, further comprising associating the unique 
identifier for the user to the consent state associated with the user. 

Claim 14 (original): The method of claim 1, further comprising storing information 
representative of which version of the policy is current. 

Claim 15 (original): The method of claim 1, further comprising storing content of the change to 
the policy relative to a version of the policy. 

Claim 1 6 (original): The method of claim 1 , further comprising maintaining a notification store 
containing information representative of one or more of the following: a grace period for 
granting consent to the change to the policy; content of the change to the policy relative to a 
version of the policy; and a current version number of the policy. 

Claim 17 (original): The method of claim 1, wherein the application comprises a web service 
provided to the user via a client by one or more network servers, said client and network servers 
being coupled to a data communication network. 

Claim 18 (original): The method of claim 17, further comprising managing use of the selected 
information as a function of whether the user has a relationship with another web service. 

Claim 19 (original): The method of claim 17, further comprising storing, in a central database, 
a user profile containing the information associated with the user, said central database being 
associated with a central server coupled to the data communication network. 

Claim 20 (original): The method of claim 17, wherein the client operates a browser configured 
to permit the user to communicate on the data communication network, and wherein notifying 
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the user comprises providing a user interface via the browser to inform the user of the change to 
the policy and to request re-consent. 

Claim 21 (original): The method of claim 17 wherein the network servers are web servers and 
the data communication network is the Internet. 

Claim 22 (currently amended): One or more computer-readable storage media have computer- 
executable instructions for performing the method of claim 1 . 

Claim 23 (currently amended): A method of managing consent between a client and at least one 
network server, said client and said network server being coupled to a data communication 
network, said network server providing one or more services to a user via the client, said client 
operating a browser configured to permit the user to communicate on the data communication 
network, said method comprising: 

identifying the user in connection with the network server, said network server requesting 
to use selected information associated with the user according to a predefined policy; 

defining a consent state associated with the identified user, said consent state directly 
corresponding to a version of the policy for which permission has been granted for the network 
server to use the selected information; 

identifying which version of the policy is currently in use for the network server; and 

determining whether the user has requested notification of a change in the policy version 
wherein the version of the policy corresponding to the consent state is different from the version 
of the policy currently in use for the network server; and 

providing a user interface via the browser to notify the user when the version of the 
policy corresponding to the consent state is different from the version of the policy currently in 
use for the network server of the change in the policy version in response to determining that the 
user has requested the notification . 

Claim 24 (original): The method of claim 23, wherein the user interface is provided by a 
central server also coupled to the data communication network. 
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Claim 25 (original): The method of claim 23, further comprising notifying the user of one or 
more differences between the version of the policy corresponding to the consent state and the 
version of the policy currently in use for the network server. 

Claim 26 (original): The method of claim 23, further comprising requesting consent to the 
version of the policy currently in use for the network server via the user interface. 

Claim 27 (original): The method of claim 26, further comprising denying use of the selected 
information by the network server until the consent is granted in response to the user interface. 

Claim 28 (original): The method of claim 26, further comprising denying use of the selected 
information by the network server if the consent is denied in response to the user interface. 

Claim 29 (original): The method of claim 26, wherein the identified user is associated with a 
managed account and wherein requesting consent to the version of the policy currently in use 
comprises requesting consent from a manager of the account. 

Claim 30 (original): The method of claim 23, further comprising maintaining a user profile 
associated with the user and storing the consent state in user profile. 

Claim 3 1 (original): The method of claim 23, further comprising storing content of a change to 
the policy corresponding to the consent state relative to the version of the policy currently in use 
for the network server. 

Claim 32 (original): The method of claim 23, further comprising maintaining a notification 
store containing information representative of one or more of the following: a grace period for 
granting consent to the change to the policy; content of a change to the policy relative to a later 
version of the policy; and a current version number of the policy. 

Claim 33 (original): The method of claim 23, further comprising managing use of the selected 
information as a function of whether the user has a relationship with another service. 
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Claim 34 (original): The method of claim 23, further comprising storing, in a central database, 
a user profile containing the information associated with the user, said central database being 
associated with a central server coupled to the data communication network. 

Claim 35 (original): The method of claim 34 wherein the central server is an authentication 
server of a multi-site user authentication system and the network servers are affiliated with the 
authentication server, said authentication server receiving requests to authenticate the user when 
the user requests the web service to be provided by one or more of the affiliated network servers. 

Claim 36 (original): The method of claim 23, wherein the network servers are web servers and 
the data communication network is the Internet. 

Claim 37 (original): One or more computer-readable storage media have computer-executable 
instructions for performing the method of claim 23. 

Claim 38 (currently amended): An authentication system comprising: 

an authentication server coupled to a data communication network; 
an authentication database associated with the authentication server, said authentication 
database storing authentication information for comparison to login information provided by a 
user for authenticating the user, said authentication database further storing user-specific 
information identifying the user with respect to one or more services provided by at least one 
affiliate server coupled to the data communication network, said affiliate server providing the 
one or more services to the user via a client coupled to the data communication network and 
requesting to use selected information associated with the user according to a predefined policy; 

said authentication server being configured to identify which version of the policy is 
currently in use for the affiliate server , to determine whether user has requested notification of 
policy version changes, and to provide a user interface for notifying the user when the version of 
the policy currently in use is different from a policy under which the user previously granted 
permission for the affiliate server to use the selected information and the user has requested 
notification of the policy version changes . 
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Claim 39 (original): The system of claim 38, further comprising a notification store containing 
information representative of one or more of the following: a grace period for the user to 
consent to the change to the policy; content of a change to the policy relative to a later version of 
the policy; and a current version number of the policy. 

Claim 40 (original): The system of claim 38, wherein the user interface provided by the 
authentication server further displays a user-selectable option for requesting consent from the 
user for the version of the policy currently in use for the affiliate server. 

Claim 41 (original): The system of claim 38, wherein the affiliate server is a web server and 
the data communication network is the Internet. 

Claim 42 (currently amended): One or more computer-readable storage media having computer- 
executable components for managing consent between a client and at least one network server, 
said client and said network server being coupled to a data communication network, said 
network server providing one or more services to a user via the client and requesting to use 
selected information associated with the user according to a predefined policy, said tangible 
computer-readable media comprising: 

an authentication component for authenticating the user and for identifying which version 
of the policy is currently in use for the network server; 

a profiling component for determining whether the user previously granted permission 
for the network server to use the selected information and for retrieving a consent state 
associated with the user, said consent state directly corresponding to a version of the policy for 
which the user has previously granted permission for the network server to use the selected 
information; and 

a re-consent component for determining whether the user has requested notification of 
policy version changes and notifying the user according to said request of one or more 
differences changes between the version of the policy currently in use for the network server and 
the version of the policy associated with the consent state and for requesting consent to the 
differences changes from the user. 
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Claim 43 (currently amended): The computer-readable storage media of claim 42, further 
comprising a user profile store containing information associated with the user and wherein the 
central server is responsive to the profiling component for retrieving the consent state associated 
with the user from the user profile store. 

Claim 44 (currently amended): The computer-readable storage media of claim 42, wherein the 
re-consent component comprises an interface component for providing a user interface to the 
user via the client. 

Claim 45(currently amended): The computer-readable storage media of claim 42, further 
comprising a notification store containing information representative of one or more of the 
following: a grace period for the user to consent to the change to the policy; content of the 
change to the policy relative to a version of the policy; and a current version number of the 
policy. 
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